Hi everyone, for additional security, we disable DSA and RSA host keys on all infra.opensuse.org machines in favor of Ed25519 and ECDSA. If you use a modern operating system, you likely do not notice this change, and you likely already trust either one of the more modern keys for the machines you work with. To ensure the authenticity of your SSH connections, I recommend only connecting to hosts the keys of which you verified. I started a repository containing an automatically generated known_hosts file with trusted entries for all of our Salt managed machines - you can incorporate this into your own known_hosts file. It is now also possible to use DNS based verification using SSHFP records, which are automatically generated for all machines - whilst this is preferred over maintaining known_hosts entries, it requires additional considerations in your client side setup. The generated known_hosts file as well as instructions for utilizing the SSHFP records can be found in this repository (from within the Heroes VPN): https://gitlab.infra.opensuse.org/infra/ssh_known_hosts Note the thor.infra.opensuse.org jump servers are already configured for strict host key checking and DNS verification. Best, Georg